<?php
// conexion.php presumably supplies the database connection settings used by
// the helpers below — its contents are not visible from this file.
include("conexion.php");
// Script path as seen by the current request. PHP_SELF is derived from the
// request URI (it carries any PATH_INFO suffix), so treat it as user-controlled
// and pass it through htmlspecialchars() before echoing it into HTML.
$rutaActual = $_SERVER['PHP_SELF'];

///// SEGURIDAD EXTRA: DESACTIVAR LA DIRECTIVA display_errors EN php.ini

/**
 * Keyword blacklist filter for a single input value (or an array of values,
 * which str_ireplace processes element-wise).
 *
 * Walks an ordered list of case-insensitive search => replacement rules:
 * PHP/HTML fragments are stripped, "<" and ">" are entity-encoded, a few
 * JavaScript identifiers are removed, and common SQL keywords are rewritten
 * with look-alike characters (e.g. "SELECT " -> "5ELECT "). Order matters:
 * "JAVASCRIPT" is rewritten before "SCRIPT", the tag-stripping rules run
 * before "<" is encoded, and "%" is handled last.
 *
 * This is pattern mangling, not escaping: it rewrites legitimate text that
 * happens to contain a listed word ("likely" -> "EQUIVALENTly", "country" ->
 * "C0UNTry") and it does not replace prepared statements on the SQL side or
 * htmlspecialchars() on the HTML side, which should still be applied at the
 * point of use.
 *
 * @param string|array $valor raw input value(s)
 * @return string|array the same value(s) after every rule has been applied
 */
function PrevenirSqlInjection($valor)
{
    // search => replacement, applied top to bottom; each rule sees the output
    // of the one before it.
    $reglas = [
        // PHP and HTML fragments
        '<?php'                   => '',
        '<?'                      => '',
        'Location:'               => '',
        '?>'                      => '',
        'http-equiv'              => '',
        'IFRAME'                  => '',
        'FRAMESET'                => '',
        ' SRC='                   => '',
        '<EMBED '                 => '',
        'APPLET'                  => '',
        '<IMG '                   => '',
        '<OBJECT '                => '',
        'BGSOUND'                 => '',
        '.SWF'                    => '',
        '.JAR'                    => '',

        // JavaScript / Cross-Site Scripting (XSS)
        'JAVASCRIPT'              => 'JSCRIP',
        'SCRIPT'                  => 'LIBRETTO',
        '<'                       => '&lt;',
        '>'                       => '&gt;',
        'window.location'         => '',
        '$('                      => '',
        'document.getElementById' => '',
        '$(location)'             => '',
        'document.cookie'         => '',
        '$.cookie'                => '',
        'HREF'                    => '',
        'http://www.youtube.com'  => '',
        '.close();'               => '',

        'LOCATION'                => 'L0CATI0N',
        'WINDOW'                  => 'WIND0W',

        // MySQL functions and keywords
        'DATABASE()'              => '',
        'CURRENT_USER()'          => '',
        'USER()'                  => '',
        'LAST_INSERT_ID()'        => '',

        'MYSQL'                   => 'MY SQL',

        'SELECT '                 => '5ELECT ',
        'INSERT '                 => 'IN5ERT ',
        ' INTO '                  => ' INT0 ',
        ' FROM '                  => ' FR0M ',
        ' ORDER '                 => ' 0RDER ',
        'SHOW '                   => '5H0W ',
        'SHUTDOWN'                => '5HUTD0WN',
        'ROUTINE'                 => 'R0UTINE',
        'DROP '                   => 'DR0P ',
        'COUNT'                   => 'C0UNT',
        'UNION '                  => 'UNI0N ',
        ' COPY '                  => ' C0PY ',
        ' OR '                    => ' 0R ',

        'DELETE'                  => 'ERASE',
        'UPDATE'                  => 'CORRECT',

        'DUMP'                    => 'DRIP',
        'TRUNCATE'                => 'TRIM',
        'LIKE'                    => 'EQUIVALENT',

        '%'                       => ' 0/0 ',
    ];
    // A further set of rules for "=", "--", "^", "[", "]", "\", "!", "¡", "?"
    // and "&" was present but disabled in the original; it is intentionally
    // not applied here.

    foreach ($reglas as $buscar => $reemplazo) {
        $valor = str_ireplace($buscar, $reemplazo, $valor);
    }

    return $valor;
}

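/**
 * Runs a statement that produces a result set and returns every row.
 *
 * Uses the legacy mysql_* extension (deprecated in PHP 5.5, removed in 7.0).
 * $S is executed verbatim: this layer offers no parameter binding, so any
 * value interpolated into it must already have been escaped for this
 * connection by the caller.
 *
 * @param string $H MySQL host
 * @param string $U MySQL user
 * @param string $P MySQL password
 * @param string $D database to select
 * @param string $S SQL statement expected to return rows
 * @return array list of rows (column name => value). Empty when the
 *               connection, database selection or query fails; in that case
 *               the MySQL error text is raised as an E_USER_WARNING instead
 *               of the bare "expects parameter 1 to be resource" notice the
 *               unchecked fetch loop used to produce.
 */
function getDatos_BaseDatos($H, $U, $P, $D, $S)
{
    $aDatos = [];

    $dbConnection = mysql_pconnect($H, $U, $P);
    if ($dbConnection === false) {
        trigger_error('getDatos_BaseDatos: connection failed: ' . mysql_error(), E_USER_WARNING);
        return $aDatos;
    }
    if (!mysql_select_db($D, $dbConnection)) {
        trigger_error('getDatos_BaseDatos: cannot select database: ' . mysql_error($dbConnection), E_USER_WARNING);
        return $aDatos;
    }

    $dbResultSet = mysql_query($S, $dbConnection);
    // mysql_query returns false on error and true for statements that yield
    // no result set; only a resource can be fetched from.
    if (!is_resource($dbResultSet)) {
        if ($dbResultSet === false) {
            trigger_error('getDatos_BaseDatos: query failed: ' . mysql_error($dbConnection), E_USER_WARNING);
        }
        return $aDatos;
    }

    while (($reg = mysql_fetch_assoc($dbResultSet)) !== false) {
        $aDatos[] = $reg;
    }
    mysql_free_result($dbResultSet);

    return $aDatos;
}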

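/**
 * Runs a statement that produces a result set and returns its row count.
 *
 * Uses the legacy mysql_* extension (deprecated in PHP 5.5, removed in 7.0).
 * $S is executed verbatim with no parameter binding; the caller is
 * responsible for escaping anything interpolated into it. Note that this
 * transfers the whole result set just to count it — a SELECT COUNT(*)
 * statement is cheaper when only the number is needed.
 *
 * @param string $H MySQL host
 * @param string $U MySQL user
 * @param string $P MySQL password
 * @param string $D database to select
 * @param string $S SQL statement expected to return rows
 * @return int number of rows; 0 when the connection, database selection or
 *             query fails (the MySQL error is raised as an E_USER_WARNING)
 *             or when the statement yields no result set
 */
function getNumeroRegistros($H, $U, $P, $D, $S)
{
    $dbConnection = mysql_pconnect($H, $U, $P);
    if ($dbConnection === false) {
        trigger_error('getNumeroRegistros: connection failed: ' . mysql_error(), E_USER_WARNING);
        return 0;
    }
    if (!mysql_select_db($D, $dbConnection)) {
        trigger_error('getNumeroRegistros: cannot select database: ' . mysql_error($dbConnection), E_USER_WARNING);
        return 0;
    }

    $dbResultSet = mysql_query($S, $dbConnection);
    // mysql_num_rows() only accepts a result resource; false (error) and true
    // (no result set) would otherwise trigger a warning and return false.
    if (!is_resource($dbResultSet)) {
        if ($dbResultSet === false) {
            trigger_error('getNumeroRegistros: query failed: ' . mysql_error($dbConnection), E_USER_WARNING);
        }
        return 0;
    }

    $iTotReg = (int) mysql_num_rows($dbResultSet);
    mysql_free_result($dbResultSet);

    return $iTotReg;
}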

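/**
 * Executes a data-modifying statement and reports whether it ran.
 *
 * Uses the legacy mysql_* extension (deprecated in PHP 5.5, removed in 7.0).
 * $S is executed verbatim with no parameter binding; the caller is
 * responsible for escaping anything interpolated into it.
 *
 * @param string $H MySQL host
 * @param string $U MySQL user
 * @param string $P MySQL password
 * @param string $D database to select
 * @param string $S SQL statement (INSERT/UPDATE/DELETE style)
 * @return string "Si" when the statement executed without error (a statement
 *                that matched zero rows still counts as "Si"), "No" when the
 *                connection, database selection or statement failed; the
 *                MySQL error is raised as an E_USER_WARNING in that case
 */
function datosGuardados($H, $U, $P, $D, $S)
{
    $sDatosGuardados = "No";

    $dbConnection = mysql_pconnect($H, $U, $P);
    if ($dbConnection === false) {
        trigger_error('datosGuardados: connection failed: ' . mysql_error(), E_USER_WARNING);
        return $sDatosGuardados;
    }
    if (!mysql_select_db($D, $dbConnection)) {
        trigger_error('datosGuardados: cannot select database: ' . mysql_error($dbConnection), E_USER_WARNING);
        return $sDatosGuardados;
    }

    if (mysql_query($S, $dbConnection) === false) {
        trigger_error('datosGuardados: query failed: ' . mysql_error($dbConnection), E_USER_WARNING);
        return $sDatosGuardados;
    }

    // Pass the link explicitly: the bare mysql_affected_rows() form falls back
    // to "the last opened link", which is fragile once several connections
    // exist. -1 signals failure; 0 is a successful statement that touched
    // no rows.
    if (mysql_affected_rows($dbConnection) > -1) {
        $sDatosGuardados = "Si";
    }

    return $sDatosGuardados;
}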
?>
